Is there any way to invalidate all active HTTP sessions?We have a requirement that before system maintenance, we have to back up session data before we take down server.